Lucene search
K

38 matches found

Vulnrichment
Vulnrichment
added 2023/03/07 12:0 a.m.6 views

CVE-2023-26955

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Admin Group module...

6.1AI score0.00376EPSS
Exploits1References1
CVE
CVE
added 2023/03/07 12:0 a.m.44 views

CVE-2023-26954

CVE-2023-26954 affects onekeyadmin v1.3.9, with a stored cross-site scripting (XSS) vulnerability in the User Group module . The issue is characterized as a stored XSS (root cause not further detailed in the sources) with CVSSv3.1 base metrics: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4 ...

5.4CVSS5.3AI score0.00384EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/03/07 12:0 a.m.27 views

CVE-2023-26954

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

5.5AI score0.00384EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/03/07 12:0 a.m.5 views

CVE-2023-26954

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

6.1AI score0.00384EPSS
Exploits1References1
CVE
CVE
added 2023/03/07 12:0 a.m.38 views

CVE-2023-26955

Affected software: onekeyadmin v1.3.9. Vulnerability: stored cross-site scripting (XSS) via the Admin Group module. Root cause / nature: XSS flaw enabling injection in the Admin Group component, as reported across multiple sources. Impact (as stated): medium severity per CVSS 3.1 (Base score 5.4)...

5.4CVSS5.3AI score0.00376EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.7 views

OneKeyAdmin 跨站脚本漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applet, mall, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin version 1.3.9, which stems from the discovery of a stored...

5.4CVSS5.4AI score0.00384EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/07/05 12:0 a.m.4 views

@5minlab/serverless-typeorm (=1.1.0), @abdelrahmannoaman-mdlabs/group-module (>=1.0.1 <=1.0.68) +2285 more potentially affected by CVE-2022-33171 via typeorm (>=0.0.10 <=0.3.0-rc.33)

typeorm NPM version =0.0.10, =1.0.1, =3.3.4, =1.0.1, =0.0.1, =0.9.3, =1.0.0, =1.1.126, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2022-33171 Source advisory: OSV:GHSA-FX4W-V43J-VC45...

9.8CVSS7.2AI score0.20299EPSS
Exploits6
OSV
OSV
added 2020/08/05 8:5 p.m.3 views

DRUPAL-CONTRIB-2020-033

The Group module enables you to hand out permissions on a smaller subset, section or community of your website. Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions...

6.8AI score
Exploits0References1
OSV
OSV
added 2020/08/05 3:47 p.m.5 views

DRUPAL-CONTRIB-2020-032

The Group module enables you to hand out permissions on a smaller subset, section or community of your website. With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes...

7AI score
Exploits0References1
Drupal
Drupal
added 2020/08/05 12:0 a.m.14 views

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032

The Group module enables you to hand out permissions on a smaller subset, section or community of your website. With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes...

6.8AI score
Exploits0References4
Drupal
Drupal
added 2020/08/05 12:0 a.m.10 views

Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033

The Group module enables you to hand out permissions on a smaller subset, section or community of your website. Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions...

6.5AI score
Exploits0References3
CNVD
CNVD
added 2016/01/15 12:0 a.m.3 views

Drupal Field Group Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Field Group is one of the modules used to group fields. A cross-site scripting vulnerability exists in Drupal Field Group, which can be exploited by remote attackers to inject malicious...

6.1CVSS6AI score0.00619EPSS
Exploits0References1
NVD
NVD
added 2016/01/08 9:59 p.m.10 views

CVE-2016-1565

Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

6.1CVSS5.8AI score0.00619EPSS
Exploits0References2
OSV
OSV
added 2016/01/08 9:59 p.m.3 views

CVE-2016-1565

Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

6.1CVSS5.9AI score0.00619EPSS
Exploits0References2
CVE
CVE
added 2016/01/08 9:0 p.m.43 views

CVE-2016-1565

An XSS vulnerability (CVE-2016-1565) affects the Drupal Field Group module for Drupal 7.x: versions prior to 7.x-1.5; remote authenticated users with permission to configure field display settings can inject script/HTML via an element attribute. Drupal core is not affected. Remediation: upgrade F...

6.1CVSS5.7AI score0.00619EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2013/07/16 6:55 p.m.17 views

CVE-2013-1907

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

5CVSS6.8AI score0.02908EPSS
Exploits0References9
Cvelist
Cvelist
added 2013/07/16 6:0 p.m.20 views

CVE-2013-1907

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

6.8AI score0.02908EPSS
Exploits0References9
CVE
CVE
added 2013/07/16 6:0 p.m.49 views

CVE-2013-1907

The CVE-2013-1907 issue affects the Drupal Commons distribution’s Commons Groups module (versions prior to 7.x-3.1). The vulnerability arises from inadequate access control, allowing remote/anonymous users to post arbitrary content to groups via unspecified vectors, effectively an access bypass w...

5CVSS7AI score0.02908EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder